This is the third reincarnation of this website. It’s amazing how time flies by.

V1

Built early 2007 on websitebaker, I self hosted this on various available university computers. At the time I was working as a Linux sysadmin and going to school. I liked websitebaker because of how simple it was to customize and figure out how it worked. Here is a post on the theme.

V2

Built in mid 2009 when I was leaving the university to go work for IOActive in Seattle, I needed a new place for hosting which I had been getting for free. I went with site5 largely because it was cheap (around $5/month), and it had ssh access so I could migrate fairly easily (e.g. leaving all files in the same structure). I also migrated from websitebaker to wordpress, which is a huge improvement in my opinion. With the wife’s help, I wrote the Ryu theme as a modification of the existing theme.

V3

I don’t get a lot of traffic, but when I do get bursts then site5 seems to struggle. I’m working on some things I think are neat lately (coming soon! I’m planning on putting more effort here than I ever have before) and I want the website to stay responsive if I ever get slashdotted or something. I ultimately wanted to stay with wordpress as the cms but was willing to try others. I looked at/considered EC2, Media Temple, and Blogger. In the end, I think WordPress.com is the best fit. It has a low price tag ($30/yr for no ads, $30/yr for custom css, and $15/yr so I can use my domain). Besides scalability, I just feel like if I tried I could hack site5 and that scares me. I did find a wordpress bug one time, but when I was looking for it I was pretty impressed with the general code quality.

My big reservation with wordpress.com was that I couldn’t upload arbitrary files to share, but with things like skydrive (which I use), dropbox, google drive, and Amazon’s services it makes sense to separate that piece and link to that content. I spent a lot of time this weekend working to get the new setup (my lovely wife also helped with the CSS), and I think it’s generally looking pretty good :)

It was written in an AI book I’m reading that the hill-climbing algorithm finds about 14% of solutions. I implemented a version and got 18%, but this could easily be due to different implementations – like starting in random columns rather than random places on the board, and optimizing per column. Anyway, here is the program.

README

This program is a hillclimbing program solution to the 8 queens problem. The algorithm is silly in some places, but suits the purposes for what I was working on I think. It was tested with python 2.6.1 with psyco installed. If big runs are being tried, having psyco may be important to maintain sanity, since it will speed things up significantly. Otherwise, you may want to stick to --numrun being less than around 50.

The board is simply defined as a two dimensional list, with the occupied elements stored as “Q” and empty elements as 0. The initial board is generated by picking a random row and column to place a queen, although the class structure allows for predefined boards to be manually passed in. If the spot on the board is occupied, then another spot is randomly chosen.

Violations are calculated by iterating through every queen and checking horizontally, vertically, and diagonally for other queens. Each violation is totalled up, and at the end they are divided by 2 since violations were overcounted. This could certainly be optimized further.

The hill solution works by checking every possible single move and returning the best of these. Obviously, this could also be improved upon. The book’s algorithm (which was not available while programming this) simply attempts to move every space within a column rather than every open spot on the board – which would speed up the process by an order of magnitude and also decrease the likelihood of finding a solution by a small percentage. Also, it appears that the random initial state only contains one queen per column, which is also different from this implementation. The assignment specification mentions a randomly generated board, which is what this implementation was based on. If an implementation closer to that of the book is desired, please let me know, as it would only be a minor adjustment.

With this algorithm, every queen on the board tries to move to every spot on the board, and violations are re-calculated. A move with the least violations is chosen and the process repeats until there is no improvement. If there is no improvement after every queen has had a go, there is no solution found and the algorithm returns. If there is an improvement, the algorithm continues for another go-around.

The biggest run so far is just 1000 nodes. It returned 175 successes, which is fairly close to the book’s given percentage of .14.
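An added Python 3 example of the algorithm the README describes; it is not the original program. The function names are this example's own, and it assumes two queens are in violation whenever they share a row, column or diagonal, even with another queen between them.

```python
import random

N = 8
SQUARES = [(r, c) for r in range(N) for c in range(N)]

def random_board(rng):
    """N distinct random squares get a queen; "Q" = queen, 0 = empty."""
    board = [[0] * N for _ in range(N)]
    for r, c in rng.sample(SQUARES, N):
        board[r][c] = "Q"
    return board

def queens(board):
    return [(r, c) for r, c in SQUARES if board[r][c] == "Q"]

def violations(board):
    """Per-queen conflicts (row, column, diagonal) summed, then halved."""
    qs = queens(board)
    total = 0
    for r1, c1 in qs:
        for r2, c2 in qs:
            if (r1, c1) != (r2, c2) and (
                    r1 == r2 or c1 == c2 or abs(r1 - r2) == abs(c1 - c2)):
                total += 1
    return total // 2      # every attacking pair was counted twice

def hill_climb(board):
    """Take the best single-queen move until no move lowers violations."""
    while True:
        current = violations(board)
        best, move = current, None
        for r, c in queens(board):
            board[r][c] = 0                    # lift this queen
            for nr, nc in SQUARES:
                if board[nr][nc] == 0 and (nr, nc) != (r, c):
                    board[nr][nc] = "Q"
                    v = violations(board)
                    board[nr][nc] = 0
                    if v < best:
                        best, move = v, (r, c, nr, nc)
            board[r][c] = "Q"                  # put it back
        if move is None:                       # solved or stuck
            return board, current
        r, c, nr, nc = move
        board[r][c], board[nr][nc] = 0, "Q"

def success_rate(runs, seed=0):
    rng = random.Random(seed)
    return sum(hill_climb(random_board(rng))[1] == 0 for _ in range(runs)) / runs
```

Calling success_rate(runs) gives the fraction of random starting boards that end with zero violations, which is the figure the README compares against the book's.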

On a lot of multi-user systems, like the one at the school where we have 300+ users all with usermod enabled, we also happen to have other web services running. It’s inconvenient and insecure for everyone to be running their dynamic web stuff as the same user. I understand this is nearly impossible to do with good security, but this is a university and the point of this server is to let students learn, which means being able to host code.

One security problem in particular is php. suexec was built for cgi-bin stuff – but php is a whole other beast. That’s what I’m talking about here – getting php to run as the user who owns it. More specifically, this will show how /home/user/public_html/myphp.php will run as “user”, but stuff in /var/www will still run as www-data.

First things first – mod_php needs to be disabled. This can be done globally, but it’s better to just disable it for public_html dirs. This can be done by adding the following to /etc/apache2/apache2.conf.

<Directory /home>
php_admin_flag engine off
</Directory>

Now, to enable suphp.

First install php-cgi and the apache2 prefork, which has some things we’ll need later on.

apt-get install php-cgi apache2-prefork-dev

Do not install libapache2-mod-suphp – at least not on 8.04. This older version lacks some of the things most people need… like having more than one directory.

Restart apache. To debug, check /var/log/apache2/errors.log. To test, create scripts in public_html directories and in /var/www that exec('whoami') and make sure they’re called with the correct permissions.

For the security class I’m teaching we recently had a box to pwn. Problem is, they would sometimes get the address wrong and crash the virtual system. I probably would have just distributed the vdi, but not all of them have machines robust enough to run a vm, so I had to set something up.
First off, I gave the virtual vulnerable box a public IP by bridging.